[Samba] Access Windows files with individual user credentials
Stefan Kania
stefan at kania-online.de
Tue Mar 15 07:49:31 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Am 15.03.2016 um 00:17 schrieb B Martin:
> Dear fellow Samba fans,
>
> This seems like a blatantly obvious need, but I'm not finding
> anything in the Samba literature addressing it. Maybe my search-fu
> is just failing me.
>
> I have a collection of Linux machines with multiple simultaneous
> users. The Linux machines are all running Samba 4.1.7, compiled
> from the source since my distro (CentOS 6.6) isn't that current.
> We are operating in a Windows A/D domain via Winbind, and
> everything in that area seems to be working great. Linux can see
> all the user accounts, knows their group memberships, etc., and
> their Windows login passwords work fine on the Linux boxes.
>
> The Linux users want to access Windows network shares, which I
> currently implement using the automounter and a bit of code
> commonly floating around the Internet to mount it via smbclient.
> The problem with this approach is that smbclient needs login
> credentials at the time it sets up the mount. Everyone using that
> mount is then being treated as if they were using the same login
> credentials. They don't gain their own individual access rights to
> files on the Windows share. That's been OK so far, but the users
> are becoming more sophisticated in this environment and now need
> more sophisticated access controls.
>
> As I think about this, it seems to me that my current
> implementation is modeling the Windows drive mapping function,
> where the credentials are checked at the time the drive is
> accessed, and remains constant for the entire machine even if
> another user logs into it. What I really want is something that is
> similar to Windows UNC access, in which as I understand it,
> credentials are checked on each file open based on the particular
> user that is trying to open the file. This is obviously a far more
> flexible, sophisticated approach that gives Linux users
> fine-grained access to files just like they would have if
> connecting from a Windows client.
>
> I can't really believe this has never been discussed before, but
> I'm not finding it. Can someone please point me in the right
> direction?
>
> Thanks everyone.
>
> -Brian
>
I use pam_mount for mounting samba-shares on a Linux-client.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAlbnvosACgkQ2JOGcNAHDTZjDACfWxTR4DDw8EaDJXa09gOXPagS
6kIAn3IDrDX7hkIoC+akW4GVP5w+2zhA
=ffD1
-----END PGP SIGNATURE-----
More information about the samba
mailing list